The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill relies on a wide variety of third-party, community-contributed Apify actors for data extraction (e.g., dev_fusion/Linkedin-Company-Scraper, curious_coder/linkedin-jobs-scraper, pratikdani/crunchbase-companies-scraper). While Apify is a known platform, these specific actors are created by community members whose code and updates are not verified by this analysis, representing a supply-chain risk.
[COMMAND_EXECUTION]: In the 'Authentication' section of SKILL.md, the skill instructs users to run source .env. If an attacker can modify the .env file within the agent's working directory, this command will execute arbitrary shell code. The skill also suggests using python3 -c and jq to process data from external files.
[REMOTE_CODE_EXECUTION]: The core functionality involves apify actors call "ACTOR_ID", which executes remote code on the Apify platform. The use of community-maintained actors (not prefixed with apify/) means the agent is invoking remote logic from unverified sources.
[PROMPT_INJECTION]: This skill is vulnerable to Indirect Prompt Injection (Category 8).
Ingestion points: Web content is ingested from various sources including G2, LinkedIn, Reddit, Amazon, and news sites through Apify actors, with results saved to /tmp/results.json and then read by the agent.
Boundary markers: There are no instructions provided to the agent to use delimiters or to ignore potential instructions embedded within the scraped markdown or JSON data.
Capability inventory: The skill possesses significant capabilities, including running shell commands (apify, jq), executing dynamic Python snippets (python3 -c), and performing network operations (via the scrapers).
Sanitization: No sanitization, validation, or escaping of the external web content is performed before it is processed or presented to the agent for analysis.

apify-easy-competitive-intelligence